Note EIGRP never actually sets the "unreachable" boolean and thus
the associated expert warning is never added; presumably that was
lost at some point.
One exception: The PDCP dissectors have an enum preference for sequence
analysis that was being initialized to true. Use the value defined to
be equal to 1 (RLC only) so that it doesn't change.
Fix #15770
|
|
|
|
A break after return is not needed. Solaris would give a
"statement not reached" warning.
|
|
|
|
As README.developer says:
"Avoid GLib synonyms like gchar and gint and especially don't use
gpointer and gconstpointer, unless you are writing GLib callbacks and
trying to match their signature exactly. These just obscure the code and
gconstpointer in particular is just semantically weird and poor style."
We didn't convert gconstpointers in convert-glib-types.py until
5f807da9ba, so make another pass and do so on everything except our
dissector code. Convert some gpointers as well.
Ping #19116
|
|
|
|
Co-Authored-By: Uli Heilmeier <uh@heilmeier.eu>
|
|
A "sed" script was used to replace all occurrences of "sizeof arr / sizeof
arr[0]" (including one pair of brackets surrounding the whole expression, if
present, and including brackets around the argument to "sizeof", if present)
with an "array_length(x)" macro invocation.
A handful of more complex cases were manually edited.
The resulting code should be identical -- with the exception of a few trivial
details such as __LINE__ values and the precise formatting of assertion
messages.
No attempt has yet been made to address expressions of the form "sizeof arr /
sizeof (TYPE)"; these would probably require manual handling to confirm that
the named TYPE indeed corresponds with the type of the array element.
|
|
libsinsp/dumper.h indirectly includes zlib.h, so make sure its path
is present.
|
|
Note in various places that it should probably be versioned.
|
|
ZLIB_INCLUDE_DIR is not needed to compile falcodump/falco_bridge.
|
|
A miscellaneous assortment of variables which are only ever read can be made
read-only.
|
|
The C standard requires that objects with static storage duration
are initialized to zero.
|
|
Change a strlen() check because this can never be less than zero.
This will remove this warning from cppcheck:
warning: Checking if unsigned expression 'strlen(extcap->fifo)' is
less than zero. [unsignedLessThanZero]
|
|
|
|
Add options to include or exclude process-generated syscalls and
"switch" calls.
|
|
Add support for both capture filter validation and capture time
filtering.
|
|
Ping #19116
|
|
This variable is unused on _WIN32, prevent a warning.
|
|
On Windows and Linux, install extcaps into extcap/<program name> in the
run directory. Do the same for the Windows installation path.
|
|
Fix building with Visual C++ and recent versions of falco-libs.
|
|
Instead of always setting the libssh log level to SSH_LOG_INFO
when an extcap has a ws log level of LOG_LEVEL_DEBUG or lower,
set the libssh log level to a corresponding log level
(NOISY/TRACE, DEBUG/DEBUG, INFO/INFO, MESSAGE and above/WARN).
Format the libssh logging messages more similar to our normal
logging messages, with a libssh domain and using the libssh
priority.
Prior to 0.11.0 (that is, this commit:
https://gitlab.com/libssh/libssh-mirror/-/commit/657d9143d121dfff74f5a63f734d0096c7f37194
) libssh sends some merely informational messages at their WARN
level, so lower that down to INFO, which isn't printed by default
and doesn't get printed in the GUI.
Related to #17888
|
|
ssh_pki_import_privkey_file can return SSH_OK ("import good, go ahead
and try to connect") or two types of errors, SSH_EOF ("file doesn't exist
or permission denied") or SSH_ERROR (any other error). Unfortunately
ssh_get_error() is called on the session, and doesn't provide anything
when importing the key failed.
When we get one of those two errors, add a log message explaining
what's going on. Unfortunately ssh_get_error() is called on the
session, not a key, and doesn't provide anything more when importing
the key failed, so we'll have to be somewhat generic in our error
message. It's a user-correctible error, so it's worth putting in the GUI.
When importing the key succeeded but authentication failed, keep
doing what we've been doing, as other methods might still succeed.
Fix #17888
|
|
libssh 0.8.5 was released in October 2018, all known Linux distributions
that currently compile on the master branch with their default
packages include a more recent version, and we ship the 0.10.x series
for Windows and MacOS. (Among major Linux distributions that compile currently,
Debian Buster has 0.8.7).
It has several API changes to ssh_options_get and ssh_options_set, new features,
and a number of bugs and CVEs fixed. We can remove a workaround for a
missing API call in extcap/ssh-base
|
|
|
|
libssh 0.10.0 removed SHA-1 based keys and algorithms from its
default configuration, though they are still supported. We
ship with 0.10.5 in Windows and macOS now, and many Linux
distributions are on 0.10.x as well.
Add the ability to re-enable SHA-1 RSA keys, MAC, and KEX algorithms
with a preference to ciscodump, sshdump, and wifidump.
This will be a little easier in 0.11.0, where it's possible to
just specify the algorithms you want to add to the default list,
instead of having to specify the entire list.
Fix #19510. Fix #19594
|
|
|
|
androiddump uses nonblocking connect on Windows, trying 10 times
with 1ms timeouts in select(). (This is short, but it's generally
trying to connect to the loopback interface.) On UN*X, it uses blocking
sockets, also trying 10 times, with SO_SNDTIMEO set to 2s.
Generally the socket returns near instantaneously, because it's
trying to connect to localhost. If the loopback interface goes
down, however, this results in 20s of timeouts.
Use nonblocking sockets on UN*X as well.
Related to #13104, #15295
|
|
Consolidate code to handle IP addresses in inet_addr.[ch].
|
|
|
|
Move our Falco plugin directories up one level so that we're outside the
hierarchy scanned by plugins_init. This also makes it more clear that
these are Falco plugins and that they don't conform to our plugin API.
|
|
Use the system implementation if available, the internal one if not.
|
|
Replace our strptime code, which is from gnulib,
with the simpler and better NetBSD implementation.
This changes the ws_strptime() stub to unconditionally use
the internal implementation. Previously it would use the
system implementation if available. This is still possible
but is opt-in, i.e., code should add the necessary #ifdefs
and assume responsibility for handling non-portable formats
or providing limited functionality on some platforms.
Text import allows the user to specify the strptime()
format freely, so in that case it makes sense to use the
system's implementation, and pass the responsibility
for understanding the implementation and the supported
specifiers to the user.
Only fall back to our implementation if the system libc
lacks a strptime().
|
|
Flush after writing the pcap header for the same reasons as
in udpdump (see commit 9ad1ec1651689a39e86562d083a0794d6fcbc2c2)
|
|
Call fflush in udpdump and ciscodump after writing the pcap header
so that it is actually written out even if no packets have arrived yet.
By doing so, dumpcap no longer blocks in cap_pipe_open_live waiting
for the pcap header from the extcap pipe until the first packet is
captured, but instead goes on to (attempt to) open its output.
This means that if we capture no packets, a capture file with
a header but no packet records will be created (and, if not a temp
file, will have to be cleaned up), but that is consistent with tshark
and Wireshark behavior otherwise.
This means you can no longer do a capture to a FIFO or Named Pipe
in this order:
1) Start dumpcap
2) Create the FIFO or Named Pipe
3) Start the flow of packets to the UDP port
which only worked when not dissecting packets. It was broken if tshark
also needed to dissect packets, but evaded the checks for if we were
writing to a FIFO or Named Pipe resulting in behavior mysterious to
users, such as only writing to one of the Named Pipe readers on Windows
(or failing if there aren't enough instances), or having tshark and
the other pipe reader compete for the pipe input and eventually failing
on UN*X.
Instead, the FIFO or Named Pipe needs to be created before launching
dumpcap, or else an ordinary file will be created (on UN*X), or an
error about not being able to open the output (on Windows, since
Named Pipes have a magic prefix, and you can't create an ordinary
file with a named pipe filename.)
Fix #17900.
|
|
sinsp::get_plugin_manager is usable again, so switch back to using it.
|
|
Update to match recent libsinsp 0.11 API changes.
|
|
|
|
Change the data source label to "Log data URL". Fix a tooltip typo.
|
|
snprintf(), sensibly, takes a size_t argument specifying the size of the
buffer. g_snprintf(), bogusly, takes a gulong argument specifying the
size of the buffer, so we had to do casts to avoid narrowing complaints,
but we're just using snprintf() now (as we require C11 or later), and
don't need the casts any more.
|
|
Convert writecap to C99 types. Add maximum and minimum values to
convert-glib-types.py.
Ping #19116
|
|
Convert our extcaps to C99 types. Try to preserve padding in
convert-glib-types.py and add globbing support on Windows.
Ping #19116
|
|
Related to #18009 - Have randpkt default to pcapng, allow selecting
a different capture file format via the common -F option that other
command line tools use, and document it.
For the randpktdump extcap, just use pcapng.
This fixes --all-random, because --all-random requires different
encapsulation per packet. It also fixes the related -r option to
randpkt (though note that picking a file format that doesn't support
ENCAP_PER_PACKET with -r causes problems.)
Document -r in the randpkt man page.
Fix #18944
|
|
|